Can not authorize with scratch code.

Question

Can not authorize with scratch code.

liond92 opened this issue 5 years ago · comments

I have configured number digit of GoogleAuthenticatorConfig is 6 and when creating a credential, the scratch codes are 16894571,13596056,71421292,55952635,70416665,17449606
and the secret key is YKCKCEC7K7COQRJC.
I try to authorize with scratch code but the result is false

iGoogleAuthenticator.authorize(secretCode, code);

Do we authorize OTP code and scratch code same method (authorize())?

Thank you and look forward to your response.

esk · Answer 1 · Fri Oct 25 2019 10:02:29 GMT+0800 (China Standard Time)

I agree with @liond92, scratch codes aren't working.

IanSolomon · Answer 2 · Mon Mar 02 2020 18:53:21 GMT+0800 (China Standard Time)

For anyone having the same issue looking at the 1.2.0 manual sadly could not find a 1.4.0 one at time of writing looks like the scratch codes are generated but its down to you to choose how you want to implement the one time password validation

How scratch codes are used, however, is a responsibility of the prover and this library offers no facility to store them or validate them.

FYI @liond92 @eltonkent

Enrico Maria Crisostomo · Answer 3 · Mon Mar 02 2020 19:14:20 GMT+0800 (China Standard Time)

Correct: generating scratch codes is a feature that has been provided to emulate what Google was doing at the time, but it's up to the library user to decide how to store a user's scratch codes and validate them.